Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystem's biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

Vetted Servers (8554)

32
1
High Cost

arxiv-mcp-server

by glaforge

Sec9

This server allows AI models to search for papers, retrieve paper details, and access PDF content from arXiv via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires JDK 21 or later
  • ⚠️Requires JBang to be installed and configured with a custom catalog
  • ⚠️Requires explicit `jbang trust add` for the source repository
Verified Safe
The source code appears to be well-structured and does not contain obvious malicious patterns, hardcoded secrets, or dynamic code execution (e.g., 'eval'). Network calls are made to legitimate arXiv API endpoints. The `jbang` setup includes a `trust add` step, which explicitly addresses the security concern of running scripts from the internet. The `add-opens` JVM flag in `jbang-catalog.json` is a standard workaround for reflection issues in modular Java and not a security vulnerability.
Updated: 2026-01-19
32
2
Medium Cost

Provides LLM agents with programmatic access to a centralized catalog of coding and API standards, optimizing context usage by dynamically loading relevant rules.

Setup Requirements

  • ⚠️Requires Go 1.25.1 or later for building from source.
  • ⚠️macOS users may need to manually grant execution permissions through System Settings for downloaded binaries.
  • ⚠️Standards must be placed in a specific folder (default: `~/agent-standards/standards`) and follow a markdown format with YAML frontmatter for description.
Verified Safe
The server demonstrates strong security practices: it explicitly checks for path traversal vulnerabilities in file operations, relies on environment variables for sensitive configurations, and uses stdio for communication, minimizing network attack surface. It leverages well-vetted Go libraries and includes security-conscious coding rules in its own standards. No 'eval' or similar dynamic code execution is apparent. However, it's critical that the standards content loaded by the server itself is trusted, as malicious content within the standards files could potentially lead to prompt injection or other issues if consumed by an LLM agent.
Updated: 2026-01-09
32
2
Low Cost

mcp_docker

by williajm

Sec9

Manages Docker containers, images, networks, and volumes for AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires a running Docker daemon.
  • ⚠️Requires Python 3.11 or higher.
  • ⚠️The `uv` package manager is recommended for installation and running tests.
Verified Safe
The server implements a multi-layered security approach: comprehensive input validation, blocking of dangerous shell commands (e.g., `rm -rf /`, fork bombs, `curl | bash`), environment variable injection protection, sensitive mount path blocking, and error message sanitization to prevent information disclosure. It supports OAuth/OIDC authentication with JWKS caching and introspection, IP filtering (with X-Forwarded-For support), and both pre- and post-authentication rate limiting. Audit logging is robust, structured, and includes automatic redaction of sensitive fields in both arguments and results. The `generate_compose` prompt explicitly redacts environment variable values to prevent credential leakage to LLMs. Strict safety tiers (SAFE, MODERATE, DESTRUCTIVE) with configurable overrides and fine-grained tool/resource filtering are implemented. Continuous fuzzing is integrated to proactively identify vulnerabilities. Explicit warnings are logged for insecure configurations (e.g., HTTP transport on non-localhost, exposed Docker sockets). The primary remaining risk noted in `SECURITY.md` is Retrieval Agent Deception (RADE), where malicious container logs, returned verbatim, could potentially manipulate AI agents; user-side filtering is recommended.
Updated: 2026-01-13
32
2
Low Cost
Sec8

MCPdirect Studio serves as a universal access gateway to connect, manage, and share various MCP Servers and tools (including OpenAPI services) with AI Agents and team members from any location.

Setup Requirements

  • ⚠️Requires a user account on the `mcpdirect.ai` platform (mandatory registration/login).
  • ⚠️Requires an active internet connection to communicate with the `mcpdirect.ai` backend services.
  • ⚠️Requires existing MCP Servers or OpenAPI services to connect and manage through the Studio.
  • ⚠️The desktop version (JVM) may require a Java Runtime Environment (JRE) to operate.
Verified Safe
The application uses secure practices like SHA256 hashing for passwords and API key truncation in the UI. Network communication is structured via HTTP/HSTP requests to defined backend endpoints. No direct `eval` or similar dangerous patterns were observed. Placeholders for API keys in configuration templates are clearly marked for user input, not hardcoded secrets.
Updated: 2026-01-19
32
2
Low Cost

mcp-boilerplate

by milxxyzxc

Sec4

Provides a production-ready boilerplate for an MCP server, enabling seamless connection of AI models to various data sources using Server-Sent Events (SSE) and offering a framework for tool execution.

Setup Requirements

  • ⚠️Requires Node.js (version 14 or higher) and npm.
  • ⚠️The API_KEY environment variable must be explicitly set and secured for production deployments, as it defaults to 'dev_key' and is publicly documented.
  • ⚠️Effective usage requires understanding of the Model Context Protocol (MCP) and its SDK.
Review Required
The server includes API key authentication for the SSE endpoint; however, the `API_KEY` defaults to 'dev_key' if not set via environment variables. This default value is explicitly shown in the README's usage example, creating a significant security vulnerability if deployed publicly without configuration. It is crucial to set a strong, unique `API_KEY` in production environments.
Updated: 2026-01-19
32
2
High Cost

This server allows AI agents or external applications to explore, search, read, and manage documents within a local Obsidian vault, transforming it into an AI-accessible knowledge base for automated tasks like summarization and property generation.

Setup Requirements

  • ⚠️Requires Node.js 22 or higher.
  • ⚠️The `VAULT_DIR_PATH` environment variable or `--vault-path` argument must be an absolute path to an existing Obsidian vault directory.
  • ⚠️Requires proper integration/configuration with an MCP-supporting AI client (e.g., Claude Desktop, Gemini) to utilize its API tools.
Verified Safe
The server primarily operates on a user-specified local Obsidian vault, with robust path validation to prevent arbitrary file system access outside the designated vault directory. File operations are limited to reading, writing (frontmatter), and moving attachments within this defined scope. No direct 'eval' or arbitrary command execution vulnerabilities were identified. The communication uses StdioServerTransport, implying local inter-process communication rather than an exposed network service by default. The main remaining risk depends on the user configuring `VAULT_DIR_PATH` correctly and securely.
Updated: 2025-11-30
32
3
Low Cost
Sec9

A Model Context Protocol (MCP) server that connects AI assistants to various SQL databases, providing intelligent query optimization, schema introspection, and secure, token-efficient data interaction.

Setup Requirements

  • ⚠️Requires a JSON configuration file (e.g., `sample_mcp_ohmy_sql_config.json`) defining database connections and schemas, referenced by the `MCP_OHMY_SQL_CONFIG` environment variable.
  • ⚠️Requires external database instances (e.g., PostgreSQL, AWS Redshift) to be running and accessible with correct credentials for full functionality beyond SQLite.
  • ⚠️Requires Python `>=3.10,<4.0`.
  • ⚠️For running published versions without prior installation, `uv` (or `uvx`) package manager is utilized.
Verified Safe
The server uses parameterized queries to prevent SQL injection. It implements configurable table filtering for access control. Sensitive database connection details (e.g., passwords, AWS credentials) are intended to be loaded from an external JSON configuration file via an environment variable (`MCP_OHMY_SQL_CONFIG`), not hardcoded in the application logic itself. Test configuration files contain example credentials, but these are for development environments.
Updated: 2025-11-22
32
9
Low Cost

claude-faf-mcp

by Wolfe-Jam

Sec9

Optimizes AI understanding of software projects by providing persistent context, fixing context-drift, and enabling bi-directional synchronization between project metadata and AI documentation.

Setup Requirements

  • ⚠️Requires 'faf-cli' (`npm install -g faf-cli`) to be installed globally and be discoverable via system PATH for full functionality (some core commands are bundled, but many delegate).
  • ⚠️Requires manual configuration in `claude_desktop_config.json` (specifying 'npx claude-faf-mcp' as the MCP server command) and restarting Claude Desktop for activation.
  • ⚠️Node.js and npm must be installed on the local system to run the server.
Verified Safe
The server demonstrates robust security practices including path validation to prevent traversal and access to forbidden system directories, file size limits for read/write operations (50MB), and argument sanitization for external command calls. A significant portion of core functionality ('Mk3 Bundled Engine') has been refactored to native TypeScript, greatly reducing the attack surface from shell injection. The `http-sse` transport defaults to binding on `0.0.0.0` with CORS enabled, which is standard for local development tools but could pose a minor network exposure risk if the server is unintentionally made accessible beyond the local machine.
Updated: 2026-01-08
32
5
Medium Cost

Swift-Selena

by BlueEventHorizon

Sec9

Swift code analysis and development assistance for Claude AI, providing static analysis, LSP integration, and project insights even with build errors.

Setup Requirements

  • ⚠️Requires macOS 13.0 or later.
  • ⚠️Requires Swift 5.9 or later.
  • ⚠️Full LSP features (like `find_symbol_references`) are not supported for Xcode projects (.xcodeproj/.xcworkspace) due to SourceKit-LSP limitations (Issue #730). They work for Swift Packages. The server gracefully degrades to SwiftSyntax-only for these cases.
  • ⚠️Semantic search features (v0.6.0+), if implemented, will require macOS 15+ and Apple Silicon.
Verified Safe
The server primarily performs local file system operations and code analysis using SwiftSyntax and SourceKit-LSP. It explicitly excludes common sensitive directories from searches (.build, .git, Pods, DerivedData etc.). Communication is via standard I/O pipes. No direct network risks, 'eval' usage, or hardcoded secrets were identified. The architecture is designed for local execution and privacy.
Updated: 2026-01-08
32
2
High Cost

robosystems

by RoboFinSystems

Sec9

RoboSystems is an enterprise-grade financial knowledge graph platform that transforms complex financial and operational data into actionable intelligence through graph-based analytics, AI-powered insights, and multi-source data integration for various financial applications.

Setup Requirements

  • ⚠️Requires Docker & Docker Compose, uv, and rust-just for local development environment setup.
  • ⚠️Minimum system requirements: 8GB RAM and 20GB free disk space.
  • ⚠️Deployment to AWS (staging/production) requires an AWS account with IAM Identity Center (SSO) and initial `just bootstrap` configuration.
Verified Safe
The system implements a multi-layered security approach including strict input validation (e.g., `validate_cypher_query`, `sanitize_string`), robust authentication (JWT, API Keys with hashing, encryption, caching, and revocation), fine-grained authorization (role-based access to graphs and organizations), and comprehensive rate limiting. Secrets are managed centrally via AWS Secrets Manager for production. Dynamic Content Security Policies and security headers are enforced. Internal exceptions are masked from API clients, providing generic error messages with correlation IDs. Specialized middleware is in place for logging, rate limiting, and database session management. A dedicated `cypher_analyzer` identifies and mitigates dangerous queries. Encryption (Fernet) is used for sensitive connection credentials. Advanced authentication protection mechanisms (e.g., progressive delays for suspicious IP addresses) are also present. Administrative tools for infrastructure access (SSM tunnels) are privileged but controlled.
Updated: 2026-01-19
32
2
Medium Cost

Automated security assessment and vulnerability detection for Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Python 3.11+ and Node.js 18+ (if assessing Node.js MCPs).
  • ⚠️Requires Docker 24+ running with appropriate user permissions (e.g., Docker Desktop, or user in `docker` group on Linux).
  • ⚠️Initial setup requires building Docker 'fat images' (`mcp-runner-python`, `mcp-runner-node`) via `scripts/build-fat-images.sh`.
  • ⚠️Resource intensive: 4+ vCPU, 8GB RAM, 5GB free disk per assessment recommended.
  • ⚠️Network/proxy configuration may be required for `git clone`, `npm install`, and target MCP network access in restricted environments.
Verified Safe
The framework itself is designed with strong security principles, isolating target MCPs in Docker containers and enforcing policies (rate limiting, scope, redaction) via a SafeAdapter. Critical operations like git cloning and running internal commands are performed within these isolated environments. While complex interactions with Docker sockets and `exec_run` carry inherent risks, the implementation shows careful handling (e.g., `shlex.quote`, binary header parsing for `stdio` streams). No direct `eval()` calls by the framework were found. The primary attack surface is the target MCPs it assesses, which it aims to contain securely within sandboxes.
Updated: 2025-12-13
32
2
Low Cost

ai-calls-editor

by rokstrnisa

Sec9

Facilitates AI-powered code refactoring within a VS Code environment by exposing an MCP server to AI assistants.

Setup Requirements

  • ⚠️Requires VS Code to be running and the Extension Development Host launched (F5).
  • ⚠️Requires 'pnpm' for dependency management and compilation.
  • ⚠️Requires an open VS Code workspace for operations to succeed.
Verified Safe
The server runs on localhost by default, limiting external network exposure. Input to the 'rename_symbol' tool is validated using Zod schemas. The 'resolveToWorkspace' function prevents directory traversal, and the core rename functionality delegates to VS Code's built-in LSP-backed command ('vscode.executeDocumentRenameProvider'), which operates within a controlled IDE environment rather than executing arbitrary shell commands. No 'eval' or hardcoded secrets were found.
Updated: 2025-11-20